diff --git a/80-rhccc-disable-rhui-repos.preset b/80-rhccc-disable-rhui-repos.preset
new file mode 100644
index 0000000..d2d02ec
--- /dev/null
+++ b/80-rhccc-disable-rhui-repos.preset
@@ -0,0 +1 @@
+enable rhccc-disable-rhui-repos.service
diff --git a/redhat-cloud-client-configuration.spec b/redhat-cloud-client-configuration.spec
index 436fc13..91323fd 100644
--- a/redhat-cloud-client-configuration.spec
+++ b/redhat-cloud-client-configuration.spec
@@ -22,6 +22,9 @@ Source9: rhcd-stop.service.in
 Source10: 80-rhcd-register.preset
 Source11: insights-register-cgroupv1.service.in
 Source12: insights-register.path.in
+Source13: rhccc-disable-rhui-repos.py
+Source14: rhccc-disable-rhui-repos.service.in
+Source15: 80-rhccc-disable-rhui-repos.preset
 
 BuildArch:      noarch
 
@@ -32,11 +35,29 @@ Requires:      subscription-manager
 Requires:      rhc
 %endif
 
+Conflicts: %{name}-cdn
+
 BuildRequires: systemd
 
 %description
 Configure client autoregistration for cloud environments
 
+
+%package cdn
+Summary: Red Hat cloud client configuration - CDN
+
+Requires:      insights-client
+Requires:      subscription-manager
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+Requires:      rhc
+%endif
+Conflicts: %{name}
+
+%description cdn
+Configure client autoregistration for cloud environments, connecting directly
+to Red Hat's CDN.
+
+
 %prep
 # we have no source
 
@@ -53,6 +74,7 @@ sed -e 's|@sysconfdir@|%{_sysconfdir}|g' %{SOURCE2} > insights-unregister.path
 sed -e 's|@sysconfdir@|%{_sysconfdir}|g' -e 's|@bindir@|%{_bindir}|g' %{SOURCE3} > insights-unregister.service
 sed -e 's|@sysconfdir@|%{_sysconfdir}|g' %{SOURCE5} > insights-unregistered.path
 sed -e 's|@sysconfdir@|%{_sysconfdir}|g' %{SOURCE6} > insights-unregistered.service
+sed -e 's|@libexecdir@|%{_libexecdir}|g' %{SOURCE14} > rhccc-disable-rhui-repos.service
 
 %if 0%{?rhel} >= 8 || 0%{?fedora}
 # rhcd
@@ -70,9 +92,14 @@ install -m644 insights-unregister.path    %{buildroot}%{_unitdir}/
 install -m644 insights-unregister.service %{buildroot}%{_unitdir}/
 install -m644 insights-unregistered.path %{buildroot}%{_unitdir}/
 install -m644 insights-unregistered.service %{buildroot}%{_unitdir}/
+install -m644 rhccc-disable-rhui-repos.service %{buildroot}%{_unitdir}/
 install -d %{buildroot}%{_presetdir}
 install -m644 %{SOURCE4} -t %{buildroot}%{_presetdir}/
 
+install -d %{buildroot}%{_libexecdir}
+install %{SOURCE13} %{buildroot}%{_libexecdir}
+install -m644 %{SOURCE15} -t %{buildroot}%{_presetdir}/
+
 %if 0%{?rhel} >= 8 || 0%{?fedora}
 # rhcd
 install -D -m644 rhcd.path %{buildroot}%{_unitdir}/
@@ -197,8 +224,144 @@ fi
 
 
 %files
-%{_unitdir}/*
-%{_presetdir}/*
+%{_presetdir}/80-insights-register.preset
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%{_presetdir}/80-rhcd-register.preset
+%endif
+%{_unitdir}/insights-register.path
+%{_unitdir}/insights-register.service
+%{_unitdir}/insights-unregister.path
+%{_unitdir}/insights-unregister.service
+%{_unitdir}/insights-unregistered.path
+%{_unitdir}/insights-unregistered.service
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%{_unitdir}/rhcd-stop.path
+%{_unitdir}/rhcd-stop.service
+%{_unitdir}/rhcd.path
+%endif
+
+
+%post cdn
+# insights-client
+%systemd_post insights-register.path
+%systemd_post insights-unregister.path
+%systemd_post insights-unregistered.path
+%systemd_post rhccc-disable-rhui-repos.service
+# rhcd
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%systemd_post rhcd.path
+%systemd_post rhcd-stop.path
+%endif
+
+# Make sure that rhsmcertd.service is enabled and running
+%systemd_post rhsmcertd.service
+# Tell RHUI to disable itself, if possible: at this point RHUI might
+# not be installed yet, so this will fail in that case;
+# the firstboot script will disable RHUI again anyway
+touch /var/lib/rhui/disable-rhui || :
+# Run following block only during installation (not during update)
+if [ $1 -eq 1 ]; then
+    # Try to get current value of auto-registration in rhsm.conf
+    subscription-manager config --list | grep -q '^[ \t]*auto_registration[ \t]*=[ \t]*1'
+    if [ $? -eq 0 ]; then
+        auto_reg_enabled=1
+    else
+        auto_reg_enabled=0
+    fi
+
+    # When we are going to change any configuration value, then save original rhsm.conf
+    if [ $auto_reg_enabled -eq 0 ]; then
+        echo -e "#\n# Automatic backup of rhsm.conf created by %{name}-cdn installation script\n#\n" \
+            > /etc/rhsm/rhsm.conf.cloud_save
+        cat /etc/rhsm/rhsm.conf >> /etc/rhsm/rhsm.conf.cloud_save
+    fi
+
+    # Enable auto-registration in rhsm.conf
+    if [ $auto_reg_enabled -eq 0 ]; then
+        subscription-manager config --rhsmcertd.auto_registration=1
+    fi
+
+    # Restart rhsmcertd to reload configuration file, when it is necessary
+    if [ $auto_reg_enabled -eq 0 ]; then
+        /bin/systemctl restart rhsmcertd.service
+    fi
+fi
+
+%preun cdn
+if [ $1 -eq 0 ]; then
+    # Packager removal, unmask register if exists
+    /bin/systemctl unmask --now insights-register.path > /dev/null 2>&1 || :
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+    /bin/systemctl unmask --now rhcd.path > /dev/null 2>&1 || :
+%endif
+fi
+%systemd_preun insights-register.path
+%systemd_preun insights-unregister.path
+%systemd_preun insights-unregistered.path
+%systemd_preun rhccc-disable-rhui-repos.service
+
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%systemd_preun rhcd.path
+%systemd_preun rhcd-stop.path
+%endif
+
+%postun cdn
+%systemd_postun insights-register.path
+%systemd_postun insights-unregister.path
+%systemd_postun insights-unregistered.path
+%systemd_postun rhccc-disable-rhui-repos.service
+
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%systemd_postun rhcd.path
+%systemd_postun rhcd-stop.path
+%endif
+
+rm -f /var/lib/rhui/disable-rhui
+
+# Run following block only during removal (not during update)
+if [ $1 -eq 0 ]; then
+    if [ -f /etc/rhsm/rhsm.conf.cloud_save ]; then
+        rhsmcertd_restart_required=0
+
+        # When auto-registration was originally disabled and we had
+        # to enable it during installation of this RPM, then disable it
+        # again during removal of RPM package to restore original state.
+        grep -q '^[ \t]*auto_registration[ \t]*=[ \t]*0' /etc/rhsm/rhsm.conf.cloud_save
+        if [ $? -eq 0 ]; then
+            subscription-manager config --rhsmcertd.auto_registration=0
+            rhsmcertd_restart_required=1
+        fi
+
+        # Restart rhsmcertd to propagate change in rhsm.conf
+        if [ $rhsmcertd_restart_required -eq 1 ]; then
+            %systemd_postun_with_restart rhsmcertd.service
+        fi
+
+        # Script should clean up after itself
+        rm -f /etc/rhsm/rhsm.conf.cloud_save
+    fi
+fi
+
+
+%files cdn
+%{_libexecdir}/rhccc-disable-rhui-repos.py
+%{_presetdir}/80-insights-register.preset
+%{_presetdir}/80-rhccc-disable-rhui-repos.preset
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%{_presetdir}/80-rhcd-register.preset
+%endif
+%{_unitdir}/insights-register.path
+%{_unitdir}/insights-register.service
+%{_unitdir}/insights-unregister.path
+%{_unitdir}/insights-unregister.service
+%{_unitdir}/insights-unregistered.path
+%{_unitdir}/insights-unregistered.service
+%{_unitdir}/rhccc-disable-rhui-repos.service
+%if 0%{?rhel} >= 8 || 0%{?fedora}
+%{_unitdir}/rhcd-stop.path
+%{_unitdir}/rhcd-stop.service
+%{_unitdir}/rhcd.path
+%endif
 
 
 %changelog
diff --git a/rhccc-disable-rhui-repos.py b/rhccc-disable-rhui-repos.py
new file mode 100755
index 0000000..6dc47d3
--- /dev/null
+++ b/rhccc-disable-rhui-repos.py
@@ -0,0 +1,42 @@
+#!/usr/bin/python3
+
+import configparser
+import pathlib
+import sys
+
+
+def process_repo(p):
+    config = configparser.ConfigParser(interpolation=None)
+    try:
+        with p.open() as f:
+            config.read_file(f, str(p))
+        changed = 0
+        for section in config.sections():
+            try:
+                url = config.get(section, "mirrorlist", fallback=None) or config.get(
+                    section, "baseurl"
+                )
+                if "/rhui/" in url and config.getboolean(
+                    section, "enabled", fallback=True
+                ):
+                    config.set(section, "enabled", "0")
+                    changed += 1
+            except configparser.NoOptionError as e:
+                print(f"Warning when processing {p}: {e}", file=sys.stderr)
+        if changed > 0:
+            with p.open("w") as f:
+                config.write(f, space_around_delimiters=False)
+            print(f"Disabled {changed} repositories in {p}")
+    except Exception as e:
+        print(f"Error when processing {p}: {e}", file=sys.stderr)
+
+
+if __name__ == "__main__":
+    for arg in sys.argv[1:]:
+        p = pathlib.Path(arg)
+        if p.is_file():
+            process_repo(p)
+        elif p.is_dir():
+            for child in p.iterdir():
+                if child.suffix == ".repo":
+                    process_repo(child)
diff --git a/rhccc-disable-rhui-repos.service.in b/rhccc-disable-rhui-repos.service.in
new file mode 100644
index 0000000..ac0e16e
--- /dev/null
+++ b/rhccc-disable-rhui-repos.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=Run disable-rhui-repos on first boot
+ConditionPathExists=/etc/rhccc-firstboot-run
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/rm /etc/rhccc-firstboot-run
+ExecStart=-/usr/bin/touch /var/lib/rhui/disable-rhui
+ExecStart=@libexecdir@/rhccc-disable-rhui-repos.py /etc/yum.repos.d/
+
+[Install]
+WantedBy=multi-user.target